Add neverallow rules further restricing service_manager.

Add a neverallow rule that prevents domain from adding a default_android_service. Add a neverallow rule that prevents untrusted_app from ever adding a service through servicemanager. Change-Id: I963671fb1224147bb49ec8f0b6be0dcc91c23156
2014-07-07 09:27:53 -07:00 · 2014-07-07 09:27:53 -07:00 · 76206abc9f
commit 76206abc9f
parent 5b2ed83357
2 changed files with 12 additions and 0 deletions
--- a/domain.te
+++ b/domain.te
@ -289,3 +289,10 @@ neverallow domain {fs_type -contextmount_type}:filesystem relabelto;
 # mount to another type.
 neverallow { domain -recovery } contextmount_type:dir_file_class_set
    { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Do not allow service_manager add for default_android_service.
+# Instead domains should use a more specific type such as
+# system_app_service rather than the generic type.
+# New service_types are defined in service.te and new mappings
+# from service name to service_type are defined in service_contexts.
+neverallow domain default_android_service:service_manager add;
--- a/untrusted_app.te
+++ b/untrusted_app.te
@ -71,3 +71,8 @@ allow untrusted_app cache_file:file create_file_perms;
 # Too much leaky information in debugfs. It's a security
 # best practice to ensure these files aren't readable.
 neverallow untrusted_app debugfs:file read;
+
+# Do not allow untrusted apps to register services.
+# Only trusted components of Android should be registering
+# services.
+neverallow untrusted_app service_manager_type:service_manager add;